Last updated:
27-JUL-2015

Access Point Connectivity – Remote Site Preparations

If you plan to demonstrate Enterprise Networking or Security content utilizing an on-site Access Point (AIR-CAP model) at a non-Cisco site, review these remote site preparation instructions to ensure a successful meeting.

There are two ways to prepare:

  • Using an endpoint kit (Highly recommended).
    NOTE: Some scripts require an Endpoint kit. Please see the particular script for the content you intend to highlight.
  • Using an access point (AP) only.

Using an Endpoint Kit (dCloud registered ISR)

  1. Prior to arriving at the remote site, make sure your devices are enabled:
    • Ensure your endpoint router is registered for use with dCloud.
      NOTE: If you do not have a router, learn how to get one to use for your dCloud sessions.
    • Test your endpoint router connectivity prior to going to your remote site by connecting your laptop to the same wired port your endpoint router will use.
    • Test connectivity to dCloud.
    • Success on VPN means you can use your endpoint router on this connection.
    • Plug the WAN port of the router into an Internet connection. Schedule and complete a practice session with the endpoint router.
    • If using an external AP, attach it to one of the LAN ports on the endpoint router and ensure the private address for the wireless LAN controller is configured on the AP as indicated in the AP provisioning section of the associated content guide.
  2. Ensure wired VPN connectivity at the customer site for your endpoint router.
    NOTE: Contact the site representative and ensure you will have a wired connection that supports VPN (TCP 443) for your endpoint router at the site.
  3. Once at the remote site:
    • Plug in your endpoint router. It will find your scheduled session.
    • Test for proper VPN connectivity using steps 1b and 1c above.

Using an Access Point Only

  1. Prior to arriving at the remote site, make sure you are familiar with provisioning your AP with a wireless LAN controller IP address. This information is in the AP Provisioning section of your script.
  2. Prior to arriving at the remote site, have an associate at the remote site test bandwidth and VPN connectivity using the same wired connection that will be used for the session.
  3. If the BYOD Data, BYOD Control, and VPN Ready tests are not successful, ensure the firewall configuration allows the protocols and ports specified in Appendix A. (Using a endpoint router avoids data and control port (CAPWAP) issues)
  4. Verify with the remote site that the access point will receive an IP address.
    • Check to see if a firewall is blocking access points from receiving IP addresses, or if switchport security prevents this.
    • You may need to request a static IP address and default gateway address from the customer. See Appendix B for configuring a static IP address on your access point.
  5. Once at the remote site:
    • Plug into the port that will be used for the session with a wired laptop and verify connectivity by using the bandwidth and VPN connectivity test link from Step 2 above.
    • On the dCloud website, locate your session and click View. Click Review Session Info and locate the public address with the description of the wireless LAN controller.
    • Configure the public address of the wireless LAN controller on your access point. See Appendix C for configuring the wireless LAN controller address on your access point.
    • If the connection test was successful, attach the configured access point to the network using the same port where the test was conducted.
    NOTE: If you are using a static IP address, configure the static IP address provided prior to attaching the access point to the network as explained in Appendix B and test this address on your laptop to ensure connectivity.

The AP connects to the demo system with an LED color of solid green or solid purple for OEAP 600. The SSIDs may NOT be visible on your endpoint device until you complete the AP Verification explained in the demonstration guide you will complete. You are now ready to conduct the demonstration.

Appendix A – Firewall Port Requirements to Support the Demonstration

Necessary ports:

If not using an endpoint router, UDP 5246 and 5247 should be opened to:

  • Americas data center: 64.100.10.0/23
  • EMEAR data center: 173.38.219.0/26, 173.38.218.64/26 and 173.38.218.128/25
  • APJ data center: 173.39.117.0/26 and 173.39.116.128/25
  • GC data center: 72.163.250.0/25

AnyConnect and endpoint router VPN: Use TCP 443 for most networks.

Appendix B – Configuring a Static IP Address on the Access Point

OEAP 600 – Adding and Removing a Static IP Address

  1. Plug into port #1 on the AP and browse to 10.0.0.1 via a web browser. Log in with the default credentials of admin/admin.
  2. Select Configuration > WAN. Check the box for Static IP and enter the IP Address, Subnet Mask, and Default Gateway information.
  3. To remove the static IP address, uncheck the corresponding box.

Figure 1. Controller Settings

controller_settings

Non-OEAP 600 – Adding and Removing a Static IP Address

Once a static IP address is configured on the AP, it does not need to be removed. If the AP cannot connect the network via the static IP address, it will automatically use DHCP to connect.

  1. Console into the AP.  Log in with the default credentials of Cisco/Cisco.
  2. Issue these commands to assign a static IP address to your AP:
    capwap ap ip address <address> <subnet mask> (Enter the IP address and subnet mask provided by the customer)
    capwap ap ip default-gateway <address> (Enter the IP address provided by the customer)
    show capwap ip config (This will verify that the above commands were successful)

Appendix C – Configuring Controller IP address on the Access Point

OEAP 600:

  1. Connect to OEAP 600 ports 1 or 2 and browse to 10.0.0.1 via a web browser. Log in with the default credentials of admin/admin.
  2. Click Configuration.

    Figure 2. Configuration Home Screen

    configuration_home

  3. Select WAN from the menu bar and enter the controller IP address for your demonstration session.
    NOTE: This is the controller IP address of your controller from the scheduled demonstration page. If you are using an endpoint router, enter the private address for the wireless LAN controller.

    Figure 3. Controller Address Configuration

    configuration_address

  4. Click Apply.
  5. Click Continue.
    NOTE: The web browser may indicate that you have lost connectivity. Please refresh the browser to re-gain the AP interface.

Non OEAP 600:

  1. Console into the access point. Log in with the default credentials of Cisco/Cisco.
  2. Run the following command:
    capwap ap controller ip address <WLC Public IP>

    NOTE: Use the IP address of your controller from the scheduled demonstration page. It is important to verify that your access point has an IP address. Please ensure the access point does not state “Not sending discovery request. AP does not have an IP.” If you are using an endpoint router, enter the private address for the wireless LAN controller.